package com.cy.security.controller;

import org.springframework.http.HttpRequest;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ResourceController {
    @PreAuthorize("hasAuthority('sys:res:create')")
    @RequestMapping("/doCreate")
    public String doCreate(){
        return "add resource";
    }

    @PreAuthorize("hasAuthority('sys:res:delete')")
    @RequestMapping("/doDelete")
    public String doDelete(){
        return "delete resource";
    }

    @PreAuthorize("hasAuthority('sys:res:update')")
    @RequestMapping("/doUpdate")
    public String doUpdate(){
        return "update resource";
    }

    @PreAuthorize("hasAuthority('sys:res:retrieve')")
    @RequestMapping("doRetrieve")
    public String doRetrieve(){
        return "retrieve resource";
    }


    @GetMapping("/doGetUser")
    public String doGetUser(){
        Authentication authentication=
                SecurityContextHolder.getContext().getAuthentication();
        User principal = (User)authentication.getPrincipal();
        System.out.println("principal.class: "+principal.getClass());
        return principal.getUsername();
    }


}
